
I've pretty much always taken 'sanitize' as a catch-all for all of the things you need to do.



Fair enough on that part. But it's the "their inputs" part that's just as problematic: whatever massaging you do to your "inputs", they'll always be unsafe in some contexts. You need to encode/escape your output.
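
An added example, not part of either comment above: the same constructed input string needs a different encoding for each output context, which is why no single input-side cleanup can make it safe everywhere. The function names and the sample value are assumptions made for this illustration.

```python
import html
import json
import sqlite3
from urllib.parse import quote

# Constructed sample input: harmless as plain text, meaningful in several output contexts.
USER_INPUT = """O'Brien & "Sons" </script> a=b&c"""

def for_html_text(value):
    # HTML element or quoted-attribute context: escape & < > " '
    return html.escape(value, quote=True)

def for_url_param(value):
    # URL query-component context: percent-encode everything but unreserved characters
    return quote(value, safe="")

def for_inline_script(value):
    # JS string literal inside an HTML <script> block: JSON-encode, then neutralise
    # the characters the HTML parser would act on before the JS engine sees them.
    return (json.dumps(value)
            .replace("<", "\\u003c")
            .replace(">", "\\u003e")
            .replace("&", "\\u0026"))

def store_and_fetch(value):
    # SQL context: a bound parameter, so the value never becomes part of the query text
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE names (name TEXT)")
    db.execute("INSERT INTO names (name) VALUES (?)", (value,))
    return db.execute("SELECT name FROM names").fetchone()[0]

def render_all(value):
    # One stored value, four different encodings chosen at output time
    return {
        "html": for_html_text(value),
        "url": for_url_param(value),
        "js": for_inline_script(value),
        "sql_roundtrip": store_and_fetch(value),
    }

if __name__ == "__main__":
    for context, encoded in render_all(USER_INPUT).items():
        print(f"{context:14} {encoded}")
```

The stored value stays unmodified; each sink applies its own encoding, and the SQL path relies on parameter binding instead of escaping.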



